If this is your first visit, be sure to
check out the FAQ by clicking the
link above. You may have to register
before you can post: click the register link above to proceed. To start viewing messages,
select the forum that you want to visit from the selection below.

Hello Guest,Our records indicate that you have never posted to our site before! Why not make your first post today by saying hello to our community in our Introductions forum.

Please review the forums rules, start with your first post today and become an active part of petri.co.il forums now!

Set HKCU Reg Key & Values for all users

19th July 2010, 07:48

I need to make a registry key change in HKCU for every user that logs in to the Terminal Server, is there a way that I can apply this change to every user account without having to login as each user and manually run the registry update?

I wrote a powershell script to make the changes, however it won't seem to run on account of it needing admin privileges.. I've also got a .reg file, but I'm assuming that will see the same end.

Any help would be appreciated.

__________________________

It's a 2008 Standard server in a workgroup running as a Terminal Server.

I've been using this online backup for all my photos, docs, spreadsheets, powerpoints & emails for years now & it works great.
Go Here for their free 5GB: http://www.idrive.com/p=gavamm
I upgraded to the Personal Plan for peace of mind for not much more than a cup of coffee.

Comment

Hmm, now that I think about it I will also try and run regedit as a command propmt option, ie regedit.exe ...
That should have been my first thought..

I've been using this online backup for all my photos, docs, spreadsheets, powerpoints & emails for years now & it works great.
Go Here for their free 5GB: http://www.idrive.com/p=gavamm
I upgraded to the Personal Plan for peace of mind for not much more than a cup of coffee.

Comment

The Terminal Servers are running Windows Server 2008,, IMHO the best option would be one of,

1) Use Group poplicy Preferences to modify the user's Registry
- use loopback policy linked to the Terminal Servers (this is to make sure the script does not run on the fat clients also).

2) Run a user logonscript through GPO
- use loopback policy for a GPO linked to the Terminal Servers OU!
- OR, use a routine in the script to determine if the user is logged on remotely, and link the GPO to the OU containing the user objects.
(also to make sure the script does not run on the fat clients)

note,
When using a logon script you don't have to use a separate reg-file.
On a configured computer use REG.exe. QUERY to list the keys. Pipe the output to a txt-file. In the Logon script use REG.exe ADD - using the /v "values", /t "values" and /d "values" copied from the temporary txt-file. End each of the REG.exe ADD command lines with: /F

\Rems

This posting is provided "AS IS" with no warranties, and confers no rights.__________________

Comment

I can see that registry key on our domain server (Computer Configuration - Windows Settings - Security Settings - Registry), but not on this client server that is in workgroup mode. So I'm assuming this is only available in a domain environment.

I'll have to go with the registry command line option I was thinking of. Will see if it will allow me to run it through standard users login scripts when they login.

I've been using this online backup for all my photos, docs, spreadsheets, powerpoints & emails for years now & it works great.
Go Here for their free 5GB: http://www.idrive.com/p=gavamm
I upgraded to the Personal Plan for peace of mind for not much more than a cup of coffee.

I've been using this online backup for all my photos, docs, spreadsheets, powerpoints & emails for years now & it works great.
Go Here for their free 5GB: http://www.idrive.com/p=gavamm
I upgraded to the Personal Plan for peace of mind for not much more than a cup of coffee.

Comment

By Logon Script:
The command you had added to login script: regedit.exe /s \\MySvr\Share\changes.reg
should be replaced with: reg.exe import "\\MySvr\Share\changes.reg"

You can also use reg.exe /ADD ... in a batch (see note in my previous mail), or, you can use vbs to add the entries.

by GPO:
The 'Registry' policy that you found under Windows/Security is for setting permissions on an existing key, it cannot be used to add entries.

Use Group Policy Preferences (this is not available in GPMC on a Windows Server 2003 computer).

For adding the key by gpo you have 3 options,
- create a custom ADM
- Install RSAT on a Vista or 7 client and configure Preferences/Registry
- On any Server 2008 member server, Add GPMC via:-> Server Manager/Features/ADD/check: Group Policy Management - and configure Preferences/Registry in gpmc.msc on that computer.

note, when using GPPreferences "Group Policy Preference Client Side Extensions" must be installed on all the targeting machines if their OS is before Vitsa. For your case the terminal servers running 2k8 therefore you don't have to install anything, except for the Group Policy Management Feature on one of your 2k8 machines.

Comment

I assumed the reg command did the same thing which was why I didn't try that as well.. I'll give it a try.

Regarding the GPMC, it is saying that I need to logon as a domain user before I can use the GPMC (it's installed).

I've heard about ADM's, thanks for the link, I'll have a look.

I've been using this online backup for all my photos, docs, spreadsheets, powerpoints & emails for years now & it works great.
Go Here for their free 5GB: http://www.idrive.com/p=gavamm
I upgraded to the Personal Plan for peace of mind for not much more than a cup of coffee.